Releases: yahoo/proxy-verifier
Bug fixes: HTTP/1 100 Continue handling and HTTP/2 idle connection shutdowns
Bug fixes:
- Fixed an issue where sending an HTTP/1 100 Continue response could overwrite parsed request header data and cause incorrect request verification.
- Fixed an issue where HTTP/2 replay could treat a clean peer connection close during delay or dependency waits as a fatal error instead of shutting down gracefully.
Dockerfile: Add curl for AuTests
This fixes a bug in the docker containers by adding curl to them so that some of the autests run appropriately. This is a bugfix only in the Dockerfiles for autests.
Request Presence Verification
The big new feature in this release is the ability to verify the absence of a request on the server. This can be useful, for instance, to verify that a request is served out of cache by the proxy rather than being forwarded on to the server.
This also has some build updates that should help make the release more portable on older hardware.
method, set-cookie, openssl 3.5, stack, etc
This is a big release. It is technically backwards incompatible because of the way it treats duplicate header fields, so I am making it a new major version.
Features (see the updated README.md for any of these):
- set-cookies have their own specialized verification semantics.
- protocol specifications now have a convenience stack paradigm.
- YAML file parsing can now be killed via Ctrl+C.
- Method verification is now possible in proxy-request.
- Verification rules that are specified but whose transactions are not seen produce a verification error. This is on by default but can be disabled via --allow-unprocessed-verifications.
Developer Updates:
- Proxy Verifier is now built via CMake.
- The dev Dockerfiles are updated for current operating systems.
- I've added AGENTS.md files to guide AI development, including a variety of helpful skills.
- The source files are consolidated under src.
- The library dependencies are updated to recent versions, including OpenSSL 3.5.
openssl quic 3.3
This updates the library dependencies, including the use of openssl quic 3.3 via dev branch since it hasn't landed yet in 3 months:
https://github.com/quictls/openssl/tree/wladd/quic-on-3.3-dirty
- nghttp2: v1.62.1
- nghttp3: v1.4.0
- ngtcp2: v1.6.0
- openssl-quic 3.3 (via wladd dev branch)
--poll-timeout and close-on-goaway
This release adds the following features:
- --poll-timeout: a new command line argument to specify what the socket timeout should be. The previous hard-coded value, and the current default value, is 5000 milliseconds.
- close-on-goaway: a new session directive for HTTP/2 connections that directs whether the verifier client will close the connection on a GOAWAY frame after processing outstanding streams, or continue to try to send the other specified streams from the replay file. The former behavior is the default as that is more in keeping with the RFC.
This release also contains HTTP/2 Expect: 100-Continue fixes.
--send-buffer-size
- This adds feature support for --send-buffer-size.
- It also has a fix for #289
Fix multi-DATA frame related bugs
This bug fix release contains fixes for transactions with multiple DATA frames specified.
Specify separate DATA frames
This release adds the ability to specify separate DATA frames in a replay file.
HTTP/2 trailer support
This release comes with a number of bug fixes and updates. The big new feature is HTTP/2 trailer support. This also includes:
- Transition to OpenSSL 3.1 from OpenSSL 1.1.1.
- Update the ng* library dependencies:
  - ngtcp2: v0.15.0 to v0.16.0
  - nghttp3: v0.11.0 to v0.12.0
- Update libswoc from 1.3.7 to 1.5.1. This adds support for the newest compilers used by fedora:38.
- Updates Expect: 100-continue support. The previous behavior was compliant, but this makes it so the client actually waits to send the body until the 100 Continue response is received.
- Updates the HTTP/2 test proxy to use the currently supported h2 library rather than the abandoned httpx library.